package com.xq.config;

import com.xq.filter.JwtAuthenticationFilter;
import com.xq.security.CustomUserDetailsService;
import com.xq.security.provider.SmsCodeAuthenticationProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private CustomUserDetailsService userDetailsService;

    @Autowired
    private SmsCodeAuthenticationProvider smsCodeAuthenticationProvider;

    @Autowired
    private JwtAuthenticationFilter jwtAuthenticationFilter;

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    //认证的规则
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // //拼接用户   在spring Security中加入了新的加密方式 passwordEncoder()可以选择使用
        // auth.inMemoryAuthentication().withUser("admin").password(passwordEncoder().encode("admin")).roles("ADMIN")
        //         .and()
        //         .withUser("user").password(passwordEncoder().encode("user")).roles("USER");
        // ;
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
        auth.authenticationProvider(smsCodeAuthenticationProvider); //添加自定义的provider
    }


    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }


    //授权的规则
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                //禁用CSRF保护
                .csrf().disable()
                .authorizeRequests()
                //表明说明说明路径下可以随意访问的路径（不需要认证的）    可以写很多个
                //没有权限默认会跳到一个登录页面
                .antMatchers("/api/auth/**","/**").permitAll()
                .antMatchers("/api/auth/**",
                        "/swagger-ui/**",
                        "/v2/api-docs/**",
                        "/v3/api-docs/**",
                        "/swagger-resources/**",
                        "/webjars/**",
                        "/doc.html/**",
                        "/favicon.ico" ).permitAll()
                //其他请求需要认证
                .anyRequest().authenticated()
                .and()
                .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class); // 添加自定的jwt过滤器
                //此设置没有权限会跳转到登录页面
                //.formLogin()
                //.permitAll()
                //.and()
                //开启了注销功能
                //.logout()           //.logoutUrl()设置注销账户后跳转到哪里
                //.permitAll();
    }





}
